Full Disclosure mailing list archives
Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: Valdis.Kletnieks () vt edu
Date: Tue, 30 Sep 2008 17:31:53 -0400
On Tue, 30 Sep 2008 16:30:09 EDT, Eliah Kagan said:
When a http indexing bot (like those used by Google, for instance) comes upon a hyperlink into a page that is http authenticated, does it follow the link and try a blank password, or does it not follow the link? Is there some accepted standard for that?
The actual (slightly simplified) sequence of events: 1) Software (spider or browser) finds a link. 2) Software tries to follow the link. 3) The server sends back an error code that says "Nope, you need http auth here" 4a) Browser now puts up the box that asks for userid/password. 4b) spider gives up unless it's been configured to know the userid/password (for instance, if it's a spider internal to the organization). 5) Armed with the proper userid/password, the software then makes a *second* request for the page.
Here's another question...suppose someone finds that a Pentagon system is open to access and modification by anyone in the world, and then that person informs the appropriate governmental authorities rather than accessing the system. In response to that information, wouldn't the system administrators then **also have to investigate and then, regardless of the outcome, flatten and rebuild the system**?
It's *possible* that upon investigation, you can prove the system wasn't in fact compromised. For example, if the vulnerability was *known* to have been created last Tuesday at 10:18AM by a botched software install, and you have router netflow and firewall logs that show *every* access to the box since 10:18AM Tuesday, then you might be able to definitively say that nothing used the vulnerability to gain access. This is usually a *lot* easier than figuring out what an intruder did once they had free and unfettered access to the system. The details, of course, will depend on the nature of the vulnerability, what sort of logs are kept by the organization, and how long a window has passed.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US, (continued)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 29)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US nzerozero p (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Miller Grey (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Message not available
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Exibar (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Chris Jeane (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US offbitz (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Michael Krymson (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Miller Grey (Sep 30)